Search Results

https://github.com/nccgroup/ScoutSuite will generate an HTML report outlining various issues that exist in the configuration for a given account. Install: git clone git@github.com:nccgroup/ScoutSuite.git cd ScoutSuite pipenv --python 3 pipenv shell pip i...

git clone git@github.com:hausec/PowerZure.git cd PowerZure pwsh-preview # Authenticate Connect-AzAccount # Import PowerZure # impo is shorthand for Import-Module ipmo ./PowerZure.ps1 # If you have multiple subscriptions, set the one you want to t...

For example: get-help Get-AzureTargets

Show-AzureKeyVaultContent -All Resource: https://hausec.com/2020/01/31/attacking-azure-azure-ad-and-introducing-powerzure/

New-AzureUser -Username 'test@test.com' -Password reallyAwesomePassword123!  

git clone git@github.com:NetSPI/MicroBurst.git cd MicroBurst pwsh-preview # Authenticate Connect-AzAccount # Import MicroBurst ipmo ./MicroBurst.psm1 # Install module for Out-GridView Install-Module Microsoft.PowerShell.GraphicalTools # Show...

git clone https://github.com/cyberark/SkyArk cd SkyArk pwsh-preview Import-Module .\SkyArk.ps1 -force Start-AzureStealth Resource: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology and Resources/Cloud - Azure Pentest.md

az ad app list --output=table --query='[].{Name:displayName,URL:homepage}'  

az ad sp list --output=table --query='[].{Name:displayName,Enabled:accountEnabled,URL:homepage,Publisher:publisherName,MetadataURL:samlMetadataUrl}'  

az ad group list --output=json --query='[].{Group:displayName,Description:description}' Resource: https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/

For anyone running into this issue, I wrote a script to re-link users for an ou to Azure AD. In my case, I moved all users from the ou I wanted to re-sync to Temp, ran the script, moved users back to the desired ou and re-ran the sync. Import-Module ActiveDir...

Simply navigate to this page and use the magical Try it button to use the REST API to grab this info. Neat! CLI az vmss list

az vmss list | jq '.[].name, .[].resourceGroup'  

az vmss list-instances -n $VMSS_NAME -g $RESOURCE_GROUP Resource: https://docs.microsoft.com/en-us/cli/azure/vmss?view=azure-cli-latest https://github.com/andyt530/az2tf/blob/master/scripts/295_azurerm_virtual_machine_scale_set.sh

az vmss list-instances -n $VMSS_NAME -g $RESOURCE_GROUP | jq '.[].osProfile.computerName'

This will run commands in the instance with an id of 0. See the above commands for how to get the id that corresponds to the instance you want to work with. az vmss run-command invoke -g $RESOURCE_GROUP -n $VMSS_NAME --command-id RunShellScript --instance-id ...

curl -s -H Metadata:true --noproxy "*" "http://169.254.169.254/metadata/instance?api-version=2020-09-01"  

curl -s -H Metadata:true --noproxy "*" "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com" Resources:Official docsAccessible endpointsGet access token